|
Full Disclosure
mailing list archives
Re: RDP, can it be done safely?
From: Marsh Ray <marsh () extendedsubset com>
Date: Thu, 10 Jun 2010 05:44:23 -0500
On 6/10/2010 4:44 AM, Larry Seltzer wrote:
All right, I guess you've got a point. I reflexively say VPN at times like
this because the very few reported RDP attacks I've seen have been MITM
attacks of the sort that VPNs effectively block. But a client
certificate/TLS implementation accomplishes the same thing and all you have
to open is the RDP port.
MS Terminal Services Gateway can be set up to require client cert
authentication and comes in over SSL/TLS over port 443 (RPC over HTTPS I
think).
Allowing raw RDP to come in through the firewall is not something I
would feel real good about.
- Marsh
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: RDP, can it be done safely? Larry Seltzer (Jun 10)
Re: RDP, can it be done safely? Jeffrey Walton (Jun 10)
Re: RDP, can it be done safely? Thor (Hammer of God) (Jun 10)
Re: RDP, can it be done safely? Jonathan Leigh (Jun 09)
Re: RDP, can it be done safely? musnt live (Jun 11)
|
